How to send all website logs on a remote log server
I have an USG 110 device and willing to monitor the websites accessed through the device.
For this, I am forwarding the logs to a Graylog server which seems to work well.
The problem is that not all websites are logged. I can see a few of them, like:
push.bitdefender.net : Computers and Technology, Rule_id=9, SSI=N (Content Filter)
URL: push.bitdefender.net/poll?push_id=edb061ac-f2ce-4276-a5c3-a9bc1d3230d1
00=10 01=push.bitdefender.net 02=9 03=forward
But many of them are just missing. How is this possible? Has this something to do with the categories I selected in the Content Filter? In there, I have a couple of categories selected and the option for those is set to block.
Looking forward to hearing from you. Which option for LOG should be enabled in the log settings for website tracking?
0
Best Answers
-
Hi @Milos,
First, you need to enable "Log all web pages" in content filter profile
Then, select the log categories in Log settings to send to remote syslog server.
About the log categories of Content Filter. It's not that straight forward.
When I were a ZyWALL newbie. I also only select the "Content Filter" category. But it just include the configuration change logs. Not the web access logs.
Here the right categories that your need for all web access logging,
"Warning web sites" "Blocked web sites" "Forward web sites"
Ian
6
All Replies
-
Hi @Milos,
First, you need to enable "Log all web pages" in content filter profile
Then, select the log categories in Log settings to send to remote syslog server.
About the log categories of Content Filter. It's not that straight forward.
When I were a ZyWALL newbie. I also only select the "Content Filter" category. But it just include the configuration change logs. Not the web access logs.
Here the right categories that your need for all web access logging,
"Warning web sites" "Blocked web sites" "Forward web sites"
Ian
6 -
Thanks @Ian31, this is exactly what I have, but not all logs are sent on the Graylog server side.I am opening a few web pages, and only some of those are shown.The only difference we have is that on my side, Action for managed web pages is set to Block and I only have a few categories there like: Nudity, Pornography, Weapons etc. Any idea?0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 264 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 41 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight